The attack vector for this vulnerability is a specially crafted Microsoft Word file. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS08-009.

Applies to: Word 2007, 2003, XP, and 2000.

Recommendation: Microsoft rates this update as critical. Although the vulnerability has been privately reported to Microsoft and a public exploit is not presently believed to exist, the vulnerability exists in all editions of Word, making the development of an exploit by third parties highly likely. You should test and deploy this update as a part of your organization’s accelerated patch management strategy.

The attack vector for this vulnerability is a specially crafted Microsoft Publisher file. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletins MS08-012 and MS07-037.

Applies to: Publisher 2007, 2003, XP, and 2000.

Recommendation: Microsoft rates this update as critical. Although the vulnerability has been privately reported to Microsoft and a public exploit is not presently believed to exist, the vulnerability exists in all editions of Publisher. Because Publisher is less widely deployed than Word, this update, although critical, should be assigned a lower priority for testing and deployment than MS08-026. If your organization uses Publisher, you should test and deploy this update as a part of your organization’s patch management strategy.

The attack vector for this vulnerability is a specially crafted .mdb file or a Microsoft Office file that includes an embedded .mdb file. The most severe consequence from an attack leveraging this vulnerability is an attacker gaining complete control over the affected computer. This bulletin replaces previous bulletin MS04-014.

Recommendation: Microsoft rates this update as critical. In the event that you have not already deployed Windows Server 2003 SP2 or Windows XP SP3, you should test and deploy this update to affected systems as part of your organization’s accelerated patch management strategy.

MS08-029: Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service

The attack vector for this vulnerability is a specially crafted file which, when scanned by the malware protection engine, would result in a Denial of Service (DoS). This could cause the engine to stop and the computer to automatically restart.

Recommendation: Microsoft rates this update as moderate. Because this update is likely to affect Microsoft Exchange and SharePoint servers, you should test and deploy this update as a part of your organization’s regular patch management strategy.